[57] ABSTRACT

An intelligent security device (ID) is disclosed for protecting computer software from unauthorized use. The security device (10) is a hardware device having within a microprocessor (36) for interacting with a host computer (32) such that protected software may not be operated unless the security device (10) is in place. Physical duplication of the security device (10) will not result in a workable copy, due to the nature of the microprocessor (36), which is such that information is encoded therein and further such that encryption codes are also stored therein and cannot be discovered after the microprocessor (36) is locked by any known means. A system clock (21) within the microprocessor (36) is adaptable to the purpose of permitting use of the protected software only within limited time parameters.

7 Claims, 3 Drawing Sheets 
INTELLIGENT SECURITY DEVICE

TECHNICAL FIELD

The present invention relates generally to the protection of proprietary software against unauthorized usage, and more particularly to a method for accomplishing such protection employing a hardware key type device for attachment to a computer, which device must be in place in order to access the software. The predominant current usage of the intelligent security device of the present invention is as a means for preventing unauthorized access to protected software from a personal computer or a computer workstation.

BACKGROUND ART

One of the most pressing issues that has evolved as a result of high technology concerns the various attempts which have been made to protect a programmer's investment in the fruits of his or her labor. Both technical and legal approaches have been tried, but the fact that "software piracy" remains a major problem speaks well to the reality that all attempts to date have been less than totally successful.

There has been a great deal of effort expended in attempts to prevent the making of unauthorized copies of software. While some of these attempts have been more successful than others, most such schemes are defeated soon after they are announced. Furthermore, schemes which make it considerably more difficult to use the software often have the net effect of discouraging legitimate purchasers, thus making it a better business decision to risk piracy by foregoing any form of copy protection. Obviously the more valuable the program, the more incentive there is to expend time and money in an illegitimate effort to copy it, and the greater is the incentive to create a "pirate-proof" protection scheme.

Some recent efforts at software protection have been directed at a hardware solution to the problem. A general system of operation utilized within hardware security devices is to have encrypted therein a code or identifier which is needed to interact with a protected program in order for that program to function. For example, one variation of this general theme is to have a code number within the hardware device which must be decrypted and identified by the software. Another variation is to have decryption information within the hardware device which must be used either to identify the software or to, in fact, decode all or part of it prior to usage. More complicated variations include multi-level encryption such as, for example, having software which must be decrypted using an encryption table found within the hardware and then further decrypted within the software itself. Of course, numerous other variations on this general scheme are possible, and many of them have been used with varying degrees of success.

U.S. Pat. No. 4,683,968, issued to Appelbaum et al., teaches a hardware device and method for using same which uses a triple encryption scheme in which part of the decryption code resides in the software and part resides in the hardware. In an alternative version, decryption is made even more difficult by scattering the software portion of the code throughout the program and the like. While this method undoubtedly makes unauthorized use of the software extremely difficult, and in fact financially unfeasible in many instances, it is not immune to the efforts of pirates. Code residing within the Appelbaum device can be discovered if the device can be successfully opened. Although Appelbaum correctly suggests that the device can be made such that it is extremely difficult to open without destroying the code, no suggestion is made that this is impossible. Furthermore, as for the effect of making the portion of the decrypting scheme which resides in software very difficult to decode, while the difficulty is undeniable, no suggestion is made that it is impossible.

Yet another hardware device and an associated method which have been developed for the subject purpose are taught in U.S. Pat. No. 4,683,553 issued to Mollier. This method renders the protected programs non-executable in the state in which they are delivered to users, and utilizes a hardware key which must be employed in order to read the program into a computer's primary storage memory in an executable form. This method also is quite effective to make the copying of programs economically unfeasible as to many software programs. However, the Mollier method does rely upon a look up table which resides within the hardware portion, which table can be read and duplicated by one with sufficient financial incentive. Therefore, it would be entirely possible for an unscrupulous person to duplicate the hardware key, and thus to produce multiple executable copies of the program.

[illegible] invention, is marketed by ProTech marketing, [illegible] Pine Boulevard, Charlotte, [illegible] ProTech device is constructed so as to fit on [illegible] communications port, and further so that some external device or devices (for instance, a serial printer and/or a modem) can be connected to the ProTech device. An object of the ProTech device is to allow the external device connected to it (in this instance, the serial printer or the modem) to communicate with the subject computer in a normal manner, while still providing a means for that computer to access the device itself. The ProTech device contains an apparatus which is referred to by the manufacturers as a microprocessor. The nature of this apparatus is that it contains "look up tables" in a memory which can be accessed to ensure that the device is in [illegible] the program in question does not detect that the device is in place, then the program will not run. The fact that the ProTech device is relatively inexpensive to manufacture undoubtedly makes it a viable economic choice in many instances.

Yet another example of the prior art is the Activator manufactured by Software Security of 1011 High Ridge Road, Stamford, Conn. This device is also adapted to fit on a computer communications port. It employs an application specific integrated circuit (ASIC) to perform in much the same manner as the ProTech device. Although it would be very difficult to decode key information encoded and stored within the Activator device, as with the ProTech device, a sufficiently motivated thief could duplicate the Activator device, along with the encoded information therein, without necessarily understanding the meaning of that encoded information. Unfortunately, this would be sufficient to result in a working copy of the original device.

The utility of security devices which utilize simple look up tables or ASICs is well known. Such devices are cost effective and function to protect low cost software quite adequately. However, such devices are not intended for those applications wherein it is economically feasible for a software thief to expend a substantial amount of time and money in an effort to defeat a software protection system. It is really a very simple and inexpensive matter for one skilled in the art to "read" the encoded data in the memory of such devices and to duplicate it or, in the case of ASIC based devices, to duplicate the device itself. It is important to note that it is not even necessary that such a person understand the encoded data in order to duplicate it.

A feature which has been considered for application to hardware key devices has been the inclusion of a means for controlling the amount of time during which a user has access to the subject software. In many cases, a temporary license is granted for the use of software, or some other time contingent arrangement is made. However, once an owner has turned over all of the software and hardware necessary to operate a program, the matter is really out of his or her control. Some devices have attempted to use system clocks to determine the amount of usage to which the program is subject, or to stop usage of the program after a predetermined time. However, the system clock is within the control of the user, and avoidance of this attempted protection is easy.

All of the prior art software protection devices within the inventors' knowledge have offered less than an ideal solution to the problem. Many have been difficult to install and have required connection to external power sources to operate. Alternatively, those which have been easier to install and/or have not required external power have been relatively easy to duplicate by unscrupulous persons. Furthermore, none of the prior art software protection devices within the inventors' knowledge have provided an adequate means for controlling access to software within a predetermined time frame.

While several prior art devices have made life difficult for software pirates, no prior art software protection device to the inventor's knowledge has successfully employed a scheme in which the necessary security device cannot be duplicated using known methods.

All successful applications to date have utilized some variation of a look up table for decryption of data, which look up table is encoded in some form of memory which can be accessed and duplicated using known technology.

DISCLOSURE OF INVENTION 

Accordingly, it is an object of the present invention to provide a security device for software which does not rely upon the physical inaccessibility of its component parts to prevent access to a decoding scheme concealed therein.

It is another object of the present invention to provide a security device for software which does not rely upon encryption or other contrivances within the software to foil would be duplicators.

It is still another object of the present invention to provide a security device for software which cannot be duplicated, in all of its pertinent parts, using any known technology.

It is yet another object of the present invention to provide a method for protecting software which prevents unauthorized use of the software.

It is still another object of the present invention to provide a software security means which can be easily installed by an end user, and further which can be easily transported to alternative sites if such transport is allowed within the specific scheme of the protection.

It is yet another object of the present invention to provide a software security means which is economical to produce and reliable in operation.

It is still another object of the present invention to provide a software security means which is versatile in the sense that software suppliers may employ the device to accomplish a great variety of equipment restrictions, user restrictions, time restrictions, access restrictions within a computer network, or any combination thereof, as well as to accomplish other restrictions which may now be contemplated or which may be found to be desirable in the future.

It is yet another object of the present invention to provide a software security means which does not require special connection to an external power source, and further which does not require batteries or other sources of power which might require periodic maintenance.

It is still another object of the present invention to provide a software security device having processing capabilities which may be accessed, at a programmer's discretion, for purposes other than the primary security purpose.

It is yet another object of the present invention to provide a software security means which can restrict access to software according to time parameters, which means cannot be affected by altering characteristics of an external time source and further which uses an internal time source which cannot be altered without destroying the device and thus preventing further access to the subject software.

Briefly, the preferred embodiment of the present invention is a hardware device having therein a microprocessor with an integrated central processing unit, memory portion, timing and control portion, and universal asynchronous receiver/transmitter ("UART") portion. A characteristic of the microprocessor is that data is stored therein in an encrypted form and further that the encryption occurs within the microprocessor itself using an encryption code which is also stored in the memory of the microprocessor. Similarly, data which is output from the microprocessor is decrypted within the microprocessor itself. When the microprocessor is "locked" the encryption code cannot be read therefrom by any known means (except, perhaps, in encrypted form) nor may the microprocessor be "unlocked" by any known means without destroying the encrypted data codes. Any attempt to open the microprocessor would inevitably result in the destruction of the device, and no information regarding data which had been stored therewithin could be gained thereby. Because the software for accessing and manipulating data stored within the inventive device is also stored therein, and because the nature of the microprocessor within the inventive device is such that data cannot be retrieved and reinserted into another similar device without going through at least one more encryption process, and because the necessary encryption code for accomplishing such a duplication without producing hopelessly scrambled and unusable data is locked within the device and cannot be retrieved (even by the user who originally put it there), a workable copy of the inventive device cannot be produced by any known means. Additionally, any attempt to access or alter the timing and control portion of the microprocessor will inevitably result in the destruction of the unit, and no benefit would be gained thereby.

A feature of the present invention is its versatility. The inventors believe that the present invention may be used to implement any known identification and/or cross checking security scheme, as well as a nearly infinite number of possible protection schemes which might be devised in the future. The example of this employed herein in conjunction with the best presently known embodiment of the invention requires the inventive intelligent security device, upon a request from the protected operational program, to calculate the answer to a complex calculation using information encoded within the security device and to return the answer to the program. Using known programming techniques, the data which is that answer has been made necessary to the operation of the program.
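
The scheme in the preceding paragraph, sketched as an added example (not code from the patent): the protected program keeps essential data only in a form that the device's answer unlocks. `SimulatedISD`, `seal`, `unseal`, the sample data and the use of HMAC-SHA256 as the "complex calculation" are assumptions made for illustration.

```python
"""Added illustration: a program that cannot run without the device's answer."""
import hashlib
import hmac


class SimulatedISD:
    """Stand-in for the locked microprocessor. Callers can request an answer,
    but the secret used to compute it is never returned (assumption: this
    models the page's "locked" encryption code)."""

    def __init__(self, device_secret: bytes):
        self._secret = device_secret

    def answer(self, request: bytes) -> bytes:
        # HMAC-SHA256 is an assumed stand-in for the "complex calculation".
        return hmac.new(self._secret, request, hashlib.sha256).digest()


def _derive(answer: bytes, label: bytes) -> bytes:
    """Derive independent sub-keys from one device answer."""
    return hashlib.sha256(label + answer).digest()


def _keystream(key: bytes, length: int) -> bytes:
    """SHA-256 in counter mode, enough for this demonstration."""
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def seal(isd: SimulatedISD, request: bytes, data: bytes) -> dict:
    """Vendor side, before shipping: make `data` depend on the answer."""
    ans = isd.answer(request)
    stream = _keystream(_derive(ans, b"enc"), len(data))
    body = bytes(d ^ s for d, s in zip(data, stream))
    tag = hmac.new(_derive(ans, b"mac"), body, hashlib.sha256).digest()
    return {"request": request, "body": body, "tag": tag}


def unseal(isd: SimulatedISD, sealed: dict):
    """Program side, at run time: returns the data, or None when the attached
    device does not produce the expected answer."""
    ans = isd.answer(sealed["request"])
    tag = hmac.new(_derive(ans, b"mac"), sealed["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, sealed["tag"]):
        return None
    stream = _keystream(_derive(ans, b"enc"), len(sealed["body"]))
    return bytes(c ^ s for c, s in zip(sealed["body"], stream))


def run_demo():
    genuine = SimulatedISD(b"constructed-secret-for-demo-only")
    # A physical copy of the hardware whose locked contents did not transfer.
    blank_copy = SimulatedISD(b"\x00" * 32)
    table = b"rate_table=0.0725,0.0810,0.0935"  # constructed program data
    sealed = seal(genuine, b"request-0001", table)
    return unseal(genuine, sealed), unseal(blank_copy, sealed), sealed["body"] != table


if __name__ == "__main__":
    ok, copy_result, hidden = run_demo()
    print("with genuine device:", ok)
    print("with blank copy:    ", copy_result)
    print("data stored only in sealed form:", hidden)
```

One request always yields one answer in this sketch, so an integration built this way would vary its requests so that a recorded answer is of no use.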

While the scope of the present invention is not limited thereby, the best presently known embodiment of the invention is designed to be attached by means of a first RS-232 connector to a serial communications port of a personal computer or of a computer workstation. Furthermore, the best presently known embodiment of the invention includes a second RS-232 connector for connection to an external device by the end user, thus preventing the inventive device from monopolizing the computer serial port such that it might not be available for its original intended purpose. During the brief instant during which the intelligent communications device is interacting with the personal computer, normal communications through that serial port is interrupted. However, normal communications are restored as soon as the interaction is completed. In accordance with the desire to make the inventive intelligent security device simple to install and use, unique circuitry is incorporated which allows the device to be powered from a host computer, as for example via the RS-232 port.

Another feature of the present invention is that access to the microprocessor of the present invention is not limited to security purposes alone. The microprocessor within the present invention, when active, appears as an adjunct computer connected to the primary computer via the primary computer's serial port. A programmer may employ this feature to speed up the subject program by utilizing the intelligent security device as a coprocessing device, thus speeding up operation of the program. It should be noted that this feature itself provides an additional security function, in that causing operation of the program to be interdependent with operations of the intelligent security device further insures that the device must be in place in order for the program to function.

Because the software required for operation of the inventive security device resides inside the device in encrypted form, simple mechanical and electrical duplication of the device will not result in a workable duplicate of the device, as the encrypted software cannot be replicated.

An advantage of the present invention is that physical duplication of the intelligent security device will not result in a unit which will allow access to protected software.

A further advantage of the present invention is that the high degree of interaction between the inventive intelligent security device and protected software prevents, for all practical purposes, modification of the software to allow it to function out of the presence of the security device.

Yet another advantage of the present invention is that encryption and other data stored within the microprocessor of the inventive intelligent security device cannot be retrieved for transfer to another device using any known technology.

Still another advantage of the present invention is that it is easily installed by an end user and may be easily transported to alternative sites, if such transport is authorized within the scope of a software license.

Yet another advantage of the present invention is that the intelligent security device is economical to produce and reliable in operation.

Still another advantage of the present invention is that it is sufficiently versatile to allow programmers to use the invention to employ a nearly infinite variety of software protection schemes.

Yet another advantage of the present invention is that it does not require a special external power connection, nor does it have an internal power supply which might need periodic maintenance.

Still another advantage of the present invention is that it may be used as a coprocessor to increase the operating speed of a program.

Yet another advantage of the present invention is that access to protected software may be restricted by time, which time parameter is monitored by an internal clock which may not be accessed or altered by an end user.

Still another advantage of the present invention is that the unique circuitry provides a means for achieving the inventive goals while avoiding the need for an additional power source.

Yet another advantage of the present invention is that it does not interfere with the normal operations of a computer.

These and other objects and advantages of the present invention will become clear to those skilled in the art in view of the description of the best presently known modes of carrying out the invention and the industrial applicability of the preferred embodiments as described herein and as illustrated in the several figures of the drawing.

BRIEF DESCRIPTION OF THE DRAWING 

FIG. 1 is a functional block diagram of an intelligent security device, according to the present invention;

FIG. 2 is a detailed schematic diagram of an intelligent security device, according to the present invention; and

FIG. 3 is a flow chart showing an example of a method of software protection, according to the present invention.

BEST MODE FOR CARRYING OUT INVENTION 

The best presently known mode for carrying out the invention is an intelligent security device which is interactive with a host computer through a serial communications port of the host computer. The predominant expected usage of the inventive intelligent security device is in the data processing industry, particularly in applications of proprietary software wherein a means to prevent unauthorized use or distribution of the software is desirable.

The intelligent security device ("ISD") of the presently preferred embodiment of the present invention is illustrated in the functional block diagram of FIG. 1 and is designated therein by the general reference character 10. In physical appearance, the ISD 10 is not unlike a conventional computer cable adapter plug. As can be seen in the diagram of FIG. 1, functional components of the best presently known embodiment 10 of the invention include a central processing unit ("CPU") 12, a universal asynchronous receiver/transmitter ("UART") 14, a memory portion 16, a timing and control portion 18, a power supply 20, a system clock 21, an RS-232 to TTL data conversion portion 22, a data communication switch portion 24, a system interrupt portion 26, and a reprogram interface portion 28. A subsystem interacting network 30 provides a means for communication within the above listed portions of the ISD 10 and between the ISD 10 and a personal host computer ("PC") 32, and further between the PC 32 and a computer peripheral device serial connector 34. The CPU 12, the UART 14, the memory portion 16, and the timing and control portion 18 are all subsystems of a microprocessor 36.

In brief, communications between the PC 32 and the computer peripheral device connector 34 may be temporarily disconnected by the data communication switch 24 while communications between the PC 32 and the ISD 10 are enabled. In this condition, communications from the PC 32 are converted from RS-232 levels to TTL levels within the RS-232 data conversion portion, while communications generated within the ISD 10 are converted therein from TTL levels to RS-232 levels for transmittal to the PC 32. The power supply 20 takes power from the personal computer 32 and provides operating power to the ISD 10 therefrom, and the system clock 21 provides an operating clock pulse for operation of the microprocessor 36. The system interrupt 26 provides a means to interrupt normal operation of the ISD 10 to allow the ISD 10 to communicate with the PC 32.

FIG. 2 is a schematic diagram of the best presently known embodiment 10 of the invention. In keeping with the fact that the best presently known embodiment 10 is adapted to fit on the computer serial output port 37 of the host computer 32, the ISD 10 has a female connector 38 complying with the RS-232 25 pin standard for connection to the computer serial output port 37 and a male connector 40 for connection to the computer peripheral device serial connector 40. The female connector 38 and the male connector 40 are interconnected, as shown in the drawing of FIG. 2, with a VCC line 42, a ground line 44, a reset line 46, a P2.X line 48, a PSEN# line 50, an INT 0 line 52, an INT 1 line 54, a receive data line 56 and a transmit data line 58.

Within the microprocessor 36 are the CPU 12 (FIG. 1), the UART 14 (FIG. 1), the memory 16 (FIG. 1) and the timing and control portion 18, as have been previously disclosed. The microprocessor 36 used in the presently preferred embodiment of the present invention is a Dallas SCOOT- type, although any of the 8X51 - type series might be used interchangeably. Further, any other microprocessor having the essential characteristics described herein, which might now exist or which might be developed in the future, could be used, with appropriate adaptive circuitry as required, to practice the present invention.

Power for the operation of the ISD 10 is obtained from the INT 0 line 52 and from the INT 1 line 54 through a first isolation diode 60 and a second isolation diode 62. A first clamping diode 64 and a second clamping diode 66 are provided to insure proper voltage differential at a microprocessor VCC terminal 68. A voltage regulator zener diode 70, a current limiting resistor 72 and a surge protection capacitor 74 regulate and smooth power supplied to the microprocessor 36. As can be seen in the drawing, power is supplied to the VCC terminal 68 and to an EA# terminal 76. In accordance with normal practice, a reset timing capacitor 78 is connected between the VCC terminal 68 and a reset terminal 80. The system clock 21 has a crystal 84 and two clock capacitors 86 connected between an XTAL1 terminal 88 and an XTAL2 terminal 90, and a ground 92, as shown in the drawing of FIG. 2. A VSS terminal 94 of the microprocessor 36 is connected directly to ground 92.

The RS-232 to TTL data conversion portion 22 has a first logic conversion transistor 96 and a second logic conversion transistor 96, which are biased as shown using a first converter load resistor 100, a second converter biasing resistor 102, a third converter biasing resistor 104, a fourth converter load resistor 106 and a fifth converter biasing resistor 108. A conversion diode 112 blocks positive going excursions of signal from the transmit data line 58 to the second data conversion transistor 98. A limiting resistor 114 reduces voltage excursions of signal appearing at the first data conversion transistor 96, and a blocking capacitor 116 provides a signal path to ground 92. The net effect of the RS-232 to TTL data conversion portion 22 is to cause signal appearing at RS-232 levels at the transmit data line 58 to be converted to TTL levels at a P3.1 terminal 118 of the microprocessor 36. Similarly, signals appearing at TTL levels at a P3.0 terminal 120 are converted to RS-232 levels as they appear on the receive data line 56.

A P1.0 terminal 122 and a P1.1 terminal 124 of the microprocessor 36 are utilized to produce outputs which, as desired, drive into conduction a first relay driver transistor 126 and a second relay driver transistor 127 of the data communications switch 24. The first relay driver transistor 126 is biased as shown in the drawing of FIG. 2 by a first driver biasing resistor 130, a second driver biasing resistor 132 and a third driver load resistor 134, while the second relay driver transistor 128 is biased by a fourth driver resistor 136, a fifth driver resistor 138 and a sixth driver load resistor 140. The first relay driver transistor 126 is connected to actuate a first normally open relay 142 and the second relay driver transistor 128 is connected to actuate a second normally open relay 144. As can be seen in the drawing of FIG. 2, the normally open relays 142 and 144 interrupt the receive data line 56 and the transmit data line 58 such that communications along the receive data line 56 and the transmit data line 58 between the PC serial connector 37 and the peripheral device serial connection 34 may be connected or disconnected depending upon the status of the P1.0 terminal 122 and the P1.1 terminal 124. As can be appreciated, this enables a programmer to temporarily effectively disconnect the peripheral device serial connection 34 from the PC serial connector 37 to allow communication of the ISD 10 through the PC serial connector 37.

The system interrupt portion 26 of the ISD 10 has a first voltage converter transistor 146 and a second voltage converter transistor 146, a first interrupt diode 150, a second interrupt diode 152, a first interrupt biasing resistor 154 and a second interrupt biasing resistor 156. Interrupt signals appearing at a P3.2 terminal 158 and a P3.3 terminal 160 of the microprocessor 36 are changed in voltage level by the voltage converter transistors 146 and 148 such that the interrupt lines 52 and 54 are pulled down, as required, by voltages appropriate to the RS-232 standard. In order to ensure that one skilled in the art can easily duplicate the best presently known embodiment 10 of the present invention, the following TABLE A is included which lists the values and types of components utilized by the inventors.

TABLE A 






As has been previously discussed herein, the method of using the inventive ISD 10 is, in many respects, limited only by the imagination of the programmer employing the invention. Without limiting the scope of the invention, or its use, the inventors submit the flowchart of FIG. 3 as a sketch of an intended method for using the inventive ISD 10. It is believed that any competent programmer could easily implement the flowchart of FIG. 3, as well as many significant variations thereof. It should be noted that each of the process steps listed in FIG. 3 consists of several simple program operations, as one familiar with the programming of such operational process steps will readily recognize.

It is illustrated in FIG. 3 that an ISD program routine 162 is required to initially program the ISD 10. This can be accomplished when the ISD is a fully assembled unit through the RS-232 female connector 38 (FIG. 2) or, alternatively, the microprocessor 36 (FIG. 2) can be accessed directly using well known equipment and methods to program the microprocessor 36. Those familiar with the operation of the microprocessor 36 type specified herein will recognize that a 32 byte code is required to program the microprocessor 36 in en- [illegible] 1). In the example of FIG. 3, programming and information necessary to carry out an ISD application subroutine 164 is loaded into the ISD in a download to ISD operation 166, and then a set lock bits operation 168 accomplishes the locking process here described. The ISD 10 is then ready to be shipped with accompanying software for use as described hereinafter.

In the example of FIG. 3, an ISD interface subroutine 170, which is within the protected software of concern, directs the host computer 32 (FIG. 2) to perform a security ID code read routine 172 to read a code from the ISD 10 (FIG. 1) and checks to make sure the security ID code matches a code stored within the protected software. If there is a match the fact that the ISD 10 is that which is intended and authorized for operation with the software in question is confirmed and the process proceeds. If there is no match, control is returned to the ISD interface subroutine 170 to either allow another try or to shut down operation of the protected software. It should be noted that, if desired, the main program protected software could, by way of example only, be shut down for a specified period of time, the passage of such time being monitored and determined by the timing and control portion 18 of the ISD 10.

Having matched a security ID code as described above, the process of the example of FIG. 3 proceeds to a pass code write routine 174 to write a pass code from the operative software within the host computer 32 (FIG. 2) to the ISD 10. The ISD 10 then actively compares the pass code to verify that it is as expected. It should be noted that both an expected pass code and the software for making this comparison are stored in encoded form within the ISD 10. If there is a match the fact that the protected software is that which is intended and authorized for operation with the ISD 10 is confirmed and the process proceeds.

Next, in the example of FIG. 3, a prior usage flag check 176 is performed to determine if a prior usage flag has been set. If the flag has not been set, indicating that the protected software has not been previously used, the operator is asked to enter a user pass ID (pass word) within a set new user ID step 178, and the prior usage flag is set in a prior usage flag set step 180 prior to proceeding. Alternatively, if the prior usage flag has been previously set, the program asks that the user enter an end user ID, which should match that entered during the first usage of the protected software, in an obtain user ID step 180. If the newly entered user ID matches that previously stored within the ISD during the set new user ID step 178 upon the first usage of the software, the program is allowed to proceed. It should be noted that the operations described in this paragraph are of use both to the manufacturer of the software and to the purchaser, because the purchaser may, if he wishes, prevent those other than himself from operating the software, and thus he may deny access to private information contained in files which may only be accessed through the software.

Next, in the example of FIG. 2, a date/time validation
crypted format, and that one has to know the 32 key 60 check step 182 is accomplished. As has been previously 
bytes in their proper sequence in order to read informa- discussed herein, one of the unique features of the pres- 
tion therefrom. Furthermore, once two specific lock ent invention is that software may be reliably secured 
bits in the microprocessor 36 arc set, externally fetched firom usage outside of an authorized time frame. For 
code can not access internal program memory, farther example, a manufacturer may lease the software for a 
programming is disabled, and program verification 65 fixed period of time or, alternatively, a manufacturer 
(even with the correct encryption codes) b also dis- may let a potential purchaser use the software for a 
ablcd. The only way to unlock the microprocessor 36 fixed period of time on a trial basis. For the purposes of 
once it is locked is to erase all of the memory 16 (FIG. the example, we will assume that during the download 
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to ISD operation 166, the manufacturer has pro- 
grammed the ISD to allow the program to continue 
only if certain preprogrammed time conditioas are met 
At the date/time validation check step 180 the ISD. 10 
(FIG. 2) confirms that the time obtained from the sys- 5 
tcm clock 21 (FIG. 2) is within the preset conditions. 
Assuming that the conditions are met, the program is 
allowed to proceed. 

Next, having demonstrated that the program, ISD, user, and time are all within parameters which have been delineated as acceptable, as described above, in the example of FIG. 3, a download missing code step 184 loads a necessary portion of the protected software, which portion has been stored within the ISD 10, into the host computer to enable the operation of the program.

Since the inventive ISD has both memory space and computational power available, both of which may be utilized by programmers in ways limited only by the imagination of the programmer, the best presently known embodiment 10 of the invention, as exemplified in the example of FIG. 3, has a conventional virus detection program stored within the ISD. In accordance with the example of FIG. 3, the ISD 10 next performs a virus detect routine 186 on the operative software. It should be noted that the type of virus detection routine used and object of its operation is not limited to this example. For instance, the virus detection program could be caused to operate only on files imported into the host computer or, alternatively, to check all files resident on a hard disk (not shown) of the computer.

Next, in the example of FIG. 3, the ISD is asked to perform a local calculation step 188. This is yet another tactic of the security scheme, as operation of the protected software may be interrupted if an expected answer is not returned. As has been previously discussed herein, the ability of the ISD 10 to perform calculations may also be employed for the purpose of relieving the host computer 32 of some tasks, and thus speeding up operation of the protected software. Finally, in the example of FIG. 3, the ISD application subroutine 164 is ended and an end subroutine/return to main program step 190 is accomplished.
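The FIG. 3 sequence described above, modeled as an added Python example that is not code from the patent. The class ISD, the function isd_interface, the sample IDs and pass codes, and the on-device calculation are constructed assumptions; virus detect routine 186 is left out.

```python
import hmac
from datetime import datetime

class ISD:
    """Constructed model of the device side; secrets stay inside this object."""
    def __init__(self, security_id, pass_code, window, missing_code, clock):
        self.security_id = security_id      # readable by the host (routine 172)
        self._pass_code = pass_code         # expected pass code, never returned
        self._window = window               # (not_before, not_after), set at programming
        self._missing_code = missing_code   # portion of the program held in the ISD
        self._clock = clock                 # callable standing in for system clock 21
        self._user_id = None                # None means the prior usage flag is not set
        self._pass_ok = self._user_ok = False

    def write_pass_code(self, code):        # routine 174: compared inside the ISD
        self._pass_ok = hmac.compare_digest(code, self._pass_code)
        return self._pass_ok

    def prior_usage(self):                  # check 176
        return self._user_id is not None

    def enter_user_id(self, uid):           # step 178 on first use, match afterwards
        if not self._pass_ok:
            self._user_ok = False
        elif self._user_id is None:
            self._user_id, self._user_ok = uid, True   # sets the prior usage flag
        else:
            self._user_ok = hmac.compare_digest(uid, self._user_id)
        return self._user_ok

    def time_valid(self):                   # date/time validation check
        return self._window[0] <= self._clock() <= self._window[1]

    def download_missing_code(self):        # step 184: gated on every earlier check
        ok = self._pass_ok and self._user_ok and self.time_valid()
        return self._missing_code if ok else None

    def calculate(self, x):                 # step 188: hypothetical on-device function
        return (x * x + 7) % 65521

def isd_interface(isd, expected_id, pass_code, user_id, challenge=(12, 151)):
    """Host side of the FIG. 3 walk; returns (True, code) or (False, reason)."""
    if not hmac.compare_digest(isd.security_id, expected_id):
        return False, "security ID mismatch"
    if not isd.write_pass_code(pass_code):
        return False, "pass code rejected"
    if not isd.enter_user_id(user_id):
        return False, "user ID mismatch"
    if not isd.time_valid():
        return False, "outside authorized time frame"
    code = isd.download_missing_code()
    if code is None or isd.calculate(challenge[0]) != challenge[1]:
        return False, "ISD did not release code or returned a wrong answer"
    return True, code

if __name__ == "__main__":
    lease = (datetime(2024, 1, 1), datetime(2024, 12, 31))   # constructed values
    isd = ISD(b"ISD-0001", b"pass-code", lease, b"<code>", lambda: datetime(2024, 6, 1))
    print(isd_interface(isd, b"ISD-0001", b"pass-code", b"alice"))
```

The device re-checks the pass code, user ID and time window before releasing the missing code, so a host that skips its own checks still receives nothing.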

While several types of software protection schemes are presented in the example of FIG. 3, it should be remembered that it is an object of the present invention to provide a security device which is sufficiently versatile to implement a multitude of such strategies, including those presented herein by way of example, other known strategies, and others which might be devised in the future.

As is shown above, in great part, the intelligent security device 10 according to the present invention resembles some prior art conventional computer security devices in many respects. The substantial difference exists in the inclusion of the microprocessor 36 having a self encryption and locking function, and further in the associated circuitry which makes possible the use of the microprocessor as described herein. Furthermore, the intelligent security device 10 according to the present invention also closely resembles many conventional computers which might be connected in an interactive mode to the PC serial output port 10. The substantial differences between the inventive ISD 10 and conventional computers lies in inclusion of a microprocessor having the self encryption and locking function described herein, which prevents access to and copying of encrypted information within the ISD 10, and further in the unique circuitry which allows the operation of the ISD 10 without an additional power source, which enables practical application of the microprocessor 36 to the inventive purpose. The use of specialized materials is not envisioned nor are any special constructions required.

Various modifications may be made to the invention without altering its value or scope. For example, the inventive method for software security could be embodied in hardware means adapted to hook to parallel port, bus, or other communications means of a computer. In fact, while the best presently known embodiment 10 of the invention has been described herein as being adapted for connection to a RS-232 serial port, embodiments adapted for use with RS-422, RS-423 and RS-499, such as are used on Apple and other types of computers, are specifically envisioned by the inventors as being within the scope of the present invention.

Similarly, modifications of the circuitry of the best presently known embodiment 10 of the invention to provide more or fewer features would render a device entirely within the scope of the invention. As just one example, a device might be built which does not include the data communications switch 24 and the male connector 40 such that communications with the peripheral device serial connector 34 are not possible, but which device does incorporate all of the inventive aspects of software security.

Another conceivable change is to vary the above described method for using the ISD 10. Since the intended purpose of the ISD 10 is to provide users with an almost infinite variety of means for including the device in software protection schemes, it is envisioned that schemes not yet devised are within the intended scope of the invention.

All of the above are only some of the examples of available embodiments of the present invention. Those skilled in the art will readily observe that numerous other modifications and alterations may be made without departing from the spirit and scope of the invention. Accordingly, the above disclosure is not intended as limiting and the appended claims are to be interpreted as encompassing the entire scope of the invention.

INDUSTRIAL APPLICABILITY 

The intelligent security device may be widely used in a great variety of software protection applications. The predominant current usages are for the prevention of the unauthorized use of software in personal computers and workstations having an RS-232 serial communications port.

The intelligent security device of the present invention may be utilized in any application wherein conventional hardware security keys are used. The main area of improvement is in the circuitry which provides for the interface of the microprocessor 36 with a host computer. Because the intelligent security device is itself a computer which interacts with the host computer in a manner very similar to that of any computer pair for which intercommunication means are provided, it may be programmed to interact with the host computer in an almost limitless variety of ways. For example, although it is not a primary purpose of the intelligent security device, a programmer can easily access it to help the host computer perform complicated calculations, thereby increasing the speed and power of the host computer.

Of more relevance to the intended purpose of the intelligent security device are its abilities to interrupt communications through the serial port to which it is attached, and its ability to either provide or fail to provide information to the host computer which will enable or disable the use of software which is dependent in some way upon interaction of the host computer and the intelligent security device.

The inventors believe that the present invention may be used to implement any known identification and/or cross checking security scheme, as well as a nearly infinite number of possible protection schemes which might be devised in the future. By way of example, a software program might request the inventive security device to calculate the answer to a complex calculation using programming residing within the device. The software then checks for a correct answer before proceeding. Yet another example is that a small but vital portion of the program might be stored within the inventive security device and must need be retrieved during each new activation of the program. Still another example is that a portion of the program must need be decrypted by a decryption program residing within the inventive security device. Of course, multiple levels of program encryption, such as encryption schemes relying upon information which is stored in part within the security device and in part within the software itself, are possible. Any of the above examples would function to ensure that the program could not operate without the inventive security device being in place, which would accomplish at least one of the possible purposes of the invention.

Yet other examples might be to have the key check to ascertain that the copy of the software is that for which it was intended to be used (for instance, where software is caused to store a number within its files which is altered upon each successive installation of the software into a computer), or to check the computer system configuration as a means of assurance that the machine to which the intelligent security device is attached is that one for which the software is licensed.

Yet another example of the usefulness of the device pertains to the use of a computer as a satellite terminal of a distributed system within which the protected program is installed. The inventive security devices might, for example, be attached to the satellite computers to prevent restricted programs or portions thereof from being retrieved or used from the system central computer. Alternatively, the inventive security device might be attached to the system central computer to control such access.

Since the intelligent security device of the present invention may be readily constructed and is physically and electronically compatible with existing computer equipment, it is expected that it will be acceptable in the industry as substitutes for the conventional security devices and as an improvement thereon. For these and other reasons, it is expected that the utility and industrial applicability of the invention will be both significant in scope and long-lasting in duration.

We claim: 

1. A software protection device for connection to a communications port of a host computer, comprising:

a memory for storing data therein in an encoded form;

processing means for encoding data to be stored in said memory, and further for decoding data to be retrieved from said memory, and further for performing calculations on the data;

data level conversion means for connecting said processing means to the host computer such that data output from the host computer is converted into a form usable by said processing means, and further such that data output from said processing means is converted into a form usable by said host computer; and

power isolation means for interconnecting the software protection device to the host computer such that the software protection device draws operating power from the host computer, wherein;

said processing means uses a data encryption scheme stored in said memory to encode and to decode the data;

a code is required to access said data encryption scheme;

said memory and said processing means being components of the software protection device provided for supplementing the computer which are housed together in a unitary integrated circuit device package such that data contained within said memory can only be retrieved in usable form by the operation of decoding the data through said processing means.

2. The software protection device of claim 1, and further including:

data line interrupt means for selectively temporarily interrupting a plurality of computer serial interface data lines, such that the flow of data through the communications portion of the host computer can be temporarily interrupted to enable communications between said processing means and the host computer, and further for selectively temporarily reinstating the plurality of computer serial interface data lines such that the host computer can send and receive data through the communications port.

3. The software protection device of claim 1, wherein:

said memory includes instructions for causing said processing means to provide a protection device identifying code to the host computer.

4. The software protection device of claim 1, wherein said memory includes instructions for:

causing said processing means to read a software identifying code from the host computer;

compare, within said processing means, the software identifying code to an expected software code residing within the microprocessor, and

permit the host computer to proceed in operation when the software identifying code matches the expected software code.

5. The software protection device of claim 1, wherein said memory includes instructions for:

reading from a clock with said processing means a current time;

comparing the current time to a time parameter limitation residing within said processing means; and

permitting the host computer to proceed in operation when the current time is within the time parameter limitation.

6. The software protection device of claim 1, wherein said memory includes instructions for:

causing said processing means to perform a calculation;

returning a calculated result of the calculation to the host computer;

comparing, within the host computer, the calculated result to an expected result residing with the host computer, and

permitting the host computer to proceed in operation when the calculated result matches the expected result.

7. The software protection device of claim 1, wherein said memory includes instructions for:

causing said processing means to act as a coprocessor in that the host computer can assign calculations to said processing means, the results of which are returned to the host computer.